面向运行时行为的Android恶意应用检测系统的设计与实现
esign and Implementation about Android Malware Detection System Based on Runtime Behaviors
随着移动互联网的快速发展和Android恶意应用数量的逐年增长,近年来恶意应用的检测问题已经成为学术界和工业界关注的热点。本文提出并实现了一种面向运行时行为的Android恶意应用检测系统,该系统采用C/S结构:客户端通过进程注入和虚拟机实例的动态修改,实现对Android API的实时拦截并自动上传行为记录;服务器通过对行为记录的特征分析和基于机器学习的特征识别,实现对待测应用的有效分类。本文还使用1000个真实应用程序对系统进行测试,测试结果表明该系统能够有效对未知恶意应用进行检测。
With the rapid development of mobile Internet and the growing number of Android malicious applications, the detection of malicious applications has become a hot topic in academia and industry. In this paper, a malicious application detection system for Android is proposed, which uses C/S architecture. The client injects process and dynamicly changes virtual machine instance, to achieve real-time interception of the Android API and upload behavior records. Through the analysis of the behavioral records and the recognition based on machine learning, the server realizes the effective classification of the applications. The experiment is conducted with 1000 real-world applications and the results show that the system can effectively detect unknown malicious applications.
黎淑兰、范文浩、桑耀辉
计算技术、计算机技术
数据安全与计算机安全动态行为分析机器学习
ata security and computer securityDynamic behavior analysismachine learning
黎淑兰,范文浩,桑耀辉.面向运行时行为的Android恶意应用检测系统的设计与实现[EB/OL].(2016-12-22)[2025-08-02].http://www.paper.edu.cn/releasepaper/content/201612-449.点此复制
评论